Facebook login message: "URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings."
Solution 1
The login with Facebook button on your site is linking to:
https://www.facebook.com/v2.2/dialog/oauth?client_id=1500708243571026&redirect_uri=http://openstrategynetwork.com/_oauth/facebook&display=popup&scope=email&state=eyJsb2dpblN0eWxlIjoicG9wdXAiLCJjcmVkZW50aWFsVG9rZW4iOiIwSXhEU05XamJjU0VaQWdqcmF6SXdOUWRuRFozXzc0X19lbVhGWUJTZGNYIiwiaXNDb3Jkb3ZhIjpmYWxzZX0=
Notice: redirect_uri=http://openstrategynetwork.com/_oauth/facebook
If you instead change the link to:
redirect_uri=http://openstrategynetwork.com/_oauth/facebook?close
It should work. Or, you can change the Facebook link to http://openstrategynetwork.com/_oauth/facebook
You can also add http://localhost/_oauth/facebook
to the valid redirect URIs.
Facebook requires that you whitelist redirect URIs, since otherwise people could login with Facebook for your service, and then send their access token to an attacker's server! And you don't want that to happen ;]
Solution 2
As the questioner writes
In the advanced tab, Valid OAuth redirect URIs is set to: ...
and I had the same problem (writing the redirect url into the wrong input field) I would like to highlight that
It's NOT
Settings -> Advanced -> Share Redirect Whitelist
but
Facebook Login -> Settings -> Valid OAuth redirect URIs
It would have saved me 2 hours of trial and error.
You should also have it in mind that
www.example.com
is not the same as example.com
. Add both formats to the redirect URL.
Solution 3
This worked for me.
redirect_url = http://127.0.0.1:8080/accounts/facebook/login/callback/
I got that from my browser after clicking the Facebook button you browser will be redirected to a link for integrating with Facebook API, so where you will get that redirect. For my case the link was this from where I got the redirect_url.
Solution 4
In my case, I just had to make sure I have my urls both with and without www for Application Domain and Redirect URLs:
In my case, I had to use: signin-facebook
after my site url, for redirect url.
Solution 5
Make sure "App Domain" and Facebook Login => Valid OAuth redirect URIs. There you must check www or without www. Its better if you use with www or without for all URLs in php,html,css files and Fb app settings.
Other thing is if you're using "/" end of the URLs you must add that URL to app settings of Valid OAuth redirect URIs. Example:- https://www.example.com/index.php/ if this url if youre using in the redirect url you must set that to app settings.
Hope this would be help.
Comments
-
Amir Rahbaran over 3 years
Important notice:
If you register for testing, go to your profile settings and to your interests add delete profile.
Trying to login with Facebook to my website:
I get the following error:
URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs.
My
settings
(Basics) in Facebook are:- App Domains: openstrategynetwork.com
- Site URL for
website
: http://openstrategynetwork.com/
In the advanced tab,
Valid OAuth redirect URIs
is set to:http://openstrategynetwork.com/_oauth/facebook?close
App is
public
.More settings (Advanced) here:
App key and secret are correct. I'm using Meteor and its accounts packages.
-
AlvinfromDiaspar almost 8 yearsWhat exactly is a OAuth redirect URI? I would expect this to be the same URL as the root web app.
-
qwertzman almost 7 yearsin app domain you add both with and without www
-
andymel over 6 yearsDown-voters: please add a comment about your concerns, otherwise the answer wont get better.
-
Jawad about 6 yearsrequirement of matching redirect URIs with the URL of website is not possible for me because my redirect URIs or defined on another server and my website is served from different server, hwo can i go about it?
-
abtecas about 6 yearsThis seems to work. Although Im not sure if it was not originally as I was trying to log in with the account that I have the app created under. Implemented this solution, and used a different account and it worked (seemingly). The language and info on oAuth redirect URIs needs to be clear. The info is quit esoteric and almost arcane. Terms used aren't even defined or clarified.
-
ricks over 5 yearsJesus, i spent so much time looking in the wrong place, thank you.
-
Sweet Chilly Philly over 5 yearsthanks so much fixed my issue! even though i got ssl working
-
davaus almost 5 yearsFor my MVC application, I had to add "/signin-facebook" to the site url....thanks for the wonderful tip!
-
TheBAST over 4 yearsWhat do you mean by this post friend I'm kinda confused.
-
Usama Saleem over 4 yearsThe trick is to look at the redirect url and add that to the "Valid OAuth Redirect URIs" in my case thats signin-facebook.
-
XCS over 4 yearsTrying to add a new URI I get:
New HTTP Redirect URIs are not allowed
:( -
Darius.V over 4 yearsAre App Domains really needed? When I tested locally, it worked without setting App Domains
-
Hooman Bahreini over 4 yearsDo you use oAuth, and redirection?
-
Darius.V over 4 yearsyes. I use symfony bundle github.com/knpuniversity/oauth2-client-bundle
-
Sunil Kumar over 4 yearsThanks so much. I tried everything, but at wrong place. What does "Share Redirect Whitelist" means?
-
kn3l almost 4 yearsYou save my weeks @Umar Asghar
-
Bhavin Rana almost 4 years1. make sure to add with and without www urls to your Valid Auth redirect URIs
-
Abhishek Matta over 3 yearsMy redirect URL is https://${base_url}/#/fb-confirm Why this hash is causing a problem in this
-
Son Nguyen over 3 yearsThis is the answer for me. Also you want to go to
Settings -> Advanced -> Security -> Server IP Allow List
if Facebook complains about IP -
eBoody about 3 yearsim fortunate to have run into your answer before spending two hours, which I likely would have! Thank you!
-
Bennyboy1973 almost 3 yearsWHY can't I upvote one answer 1000 times?
-
DCoderT about 2 years@Bennyboy1973 Hey Benny, I'm somewhat confused as to how I should get the redirect URL. I.e I'm not 100% sure what it is since I cannot see it. Any idea on where I would get it?
-
andymel about 2 years@DCoderT you are free to choose your redirect URL. A user will get redirected to this URL when the OAuth process (Log in) is finished